Total: 7496 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43314 | 1 Gabelivan | 1 Asset Cleanup | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.3. | |||||
| CVE-2024-43332 | 1 Meowapps | 1 Photo Engine | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Photo Engine: from n/a through 6.4.0. | |||||
| CVE-2024-43341 | 1 Cozythemes | 1 Hello Agency | 2024-11-13 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hello Agency: from n/a through 1.0.5. | |||||
| CVE-2024-43343 | 1 Etoilewebdesign | 1 Order Tracking | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Order Tracking: from n/a through 3.3.12. | |||||
| CVE-2024-43355 | 1 Beardev | 1 Joomsport | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JoomSport: from n/a through 5.3.0. | |||||
| CVE-2024-43923 | 1 Arraytics | 1 Wp Timetics | 2024-11-13 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Timetics: from n/a through 1.0.23. | |||||
| CVE-2024-43925 | 1 Enviragallery | 1 Envira Gallery | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envira Photo Gallery: from n/a through 1.8.14. | |||||
| CVE-2024-43293 | 1 Wpzoom | 1 Recipe Card Blocks For Gutenberg & Elementor | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.3.1. | |||||
| CVE-2024-43296 | 1 Bplugins | 1 Html5 Video Player | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flash & HTML5 Video: from n/a through 2.5.30. | |||||
| CVE-2024-43297 | 1 Backupbliss | 1 Clone | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clone: from n/a through 2.4.5. | |||||
| CVE-2024-43298 | 1 Backupbliss | 1 Clone | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clone: from n/a through 2.4.5. | |||||
| CVE-2024-43302 | 1 Fontsplugin | 1 Fonts | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fonts: from n/a through 3.7.7. | |||||
| CVE-2024-43310 | 1 Ukrsolution | 1 Print Labels With Barcodes | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.9. | |||||
| CVE-2024-43312 | 1 Wpclever | 1 Wpc Frequently Bought Together For Woocommerce | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.1.9. | |||||
| CVE-2024-43929 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-11-12 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JobSearch: from n/a through 2.5.4. | |||||
| CVE-2024-43928 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-11-12 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobSearch: from n/a through 2.5.4. | |||||
| CVE-2024-10589 | | | 2024-11-12 | N/A | 9.8 CRITICAL |
| The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2024-10674 | | | 2024-11-12 | N/A | 8.8 HIGH |
| The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation. | |||||
| CVE-2024-10673 | | | 2024-11-12 | N/A | 8.8 HIGH |
| The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution. | |||||
| CVE-2024-10588 | | | 2024-11-12 | N/A | 4.3 MEDIUM |
| The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from phpinfo(). When WP_DEBUG is enabled, this can be exploited by unauthenticated users as well. | |||||
